Symantec Encryption Management Server Web Email Protection users running Internet Explorer 9 or 10 with the MS13-055: Cumulative Security Update for Internet Explorer: July 9, 2013 (KB2846071) update installed cannot add attachments to messages.
The problem occurs when a user tries to add an attachment to a Web Email Protection message doing the following:
Create a new message or reply to an existing one.
This type of problem is acknowledged by Microsoft in the Known issues with this security update section of MS13-055:
After you install the security update for Internet Explorer 9 or for Internet Explorer 10 that is described in Microsoft security bulletin MS13-055, you may experience the following issues when you access some websites:
No error is displayed for the user and the Symantec Encryption Management Server Web Email Protection log shows only the following when the user with email address [email protected] is replying to a message and trying to add an attachment:
2013/07/17 17:21:45 +01:00 INFO pgp/wm[2002]: 10.12.39.241 [email protected] Login
2013/07/17 17:21:45 +01:00 INFO pgp/wm[2002]: 10.12.39.241 [email protected] Session initiated
2013/07/17 17:21:45 +01:00 NOTICE pgp/wm[2002]: 10.12.39.241 [email protected] read message <[email protected]>
2013/07/17 17:22:01 +01:00 INFO pgp/wm[2002]: 10.12.39.241 [email protected] Session terminated
This issue is caused by the KB2846071 hotfix which is described in Microsoft Security Bulletin MS13-055 published on 2013-07-09. Many users of Internet Explorer 10 will have it applied automatically via Windows Update. Users with Internet Explorer 9 who have installed the update are also affected.
The hotfix changes the way that javascript functions in the browser which is used for the upload and logoff functionality of Web Messenger.
Use the following steps to determine if KB2846071 hotfix update is installed.
Update Internet Explorer to MS13-059: Cumulative security update for Internet Explorer: August 13, 2013 (KB 2862772). By default, users of IE 10 will receive this update automatically. Alternatively, it can be downloaded for IE 9 from here or for IE 10 from here.
This Microsoft update corrects the problem with IE 9 and IE 10 that was introduced with MS13-055.
Applies To
The following have been tested, but this issue may affect all versions of Symantec Encryption Management Server and PGP Universal Server:
Please note that the following versions of Windows and Internet Explorer do not exhibit this problem: